FinFisher’s global proliferation

Britain’s Gamma Group proudly boasts it provides advanced technical surveillance, monitoring solutions, and advanced government training, as well as international consultancy to National and State Intelligence Departments and Law Enforcement Agencies.

It’s owned by William Louthean John Alexander Nelson, son of Gamma founder William Louthean Nelson, and Martin Johannes Münch through a shell corporation in the British Virgin Islands.

Gamma International sells interception equipment to government and law enforcement agencies exclusively. Its FinFisher Suite (which includes Trojans to infect PCs, mobile phones, other consumer electronics and servers, as well as technical consulting) is regarded as one of the most advanced in today’s market.

A computer or smartphone is remotely infected by a Trojan, which is then controlled by government agencies through command and control servers. A computer can be infected via fake software update notifications, malicious emails or physical access to the machine. FinFisher also offers technology to infect an entire Internet cafe in order to surveil all possible users.

Once installed, the Trojan is almost impossible to remove safely. There are also no safe ways to circumvent FinFisher on an infected machine.

The software is said to be able to bypass common detection methods and anti-virus software. It can listen in on Skype calls, chats and encrypted emails, and can even turn on a computer’s microphone or webcam remotely. With FinFisher technology, it is even possible to gain access to encrypted files on a hard drive.

The company offered to sell “cyber-spy” software used by Egypt to target activists, says the BBC.

“Documents found in the headquarters of the country’s security service suggest it was used for a five-month trial period …”

Now, “Canadians need to understand the scale of the digital arms trade, the piece highlights Canadian involvement in Internet censorship and surveillance, including the presence of FinSpy command and control servers in Canada,” say Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri, and John Scott-Railton in You Only Click Twice from Canada’s Citizen Lab, continuing:

According to recent reporting, German Federal Police appear to have plans to purchase and use the FinFisher suite of tools domestically within Germany.[5] Meanwhile, findings by our group and others continue to illustrate the global proliferation of FinFisher’s products. Research continues to uncover troubling cases of FinSpy in countries with dismal human rights track records, and politically repressive regimes.

Most recently, work by Bahrain Watch has confirmed the presence of a Bahraini FinFisher campaign, and further contradicted Gamma’s public statements.

This post adds to the list by providing an updated list of FinSpy Command & Control servers, and describing the FinSpy malware samples in the wild which appear to have been used to target victims in Ethiopia and Vietnam.